And while network security experts Charlie Miller and Chris Valasek have been responsible for some of the sensational headlines regarding this potential threat, the stated motive behind the pair's highly publicized car hacking stunts is to make automakers and others pay attention to what they say is an overlooked issue. Miller, a security researcher for Twitter, and Valasek, director of vehicle security research for the consulting firm IOActive, caused a media stir last year when they used a laptop plugged into the Onboard Data Port (ODB) of a Ford Escape and Toyota Prius to wreak havoc, ranging from honking the vehicles' horns to disabling their brakes and taking over steering.

As a follow-up and to further bang the drum on the subject of car security, at the Black Hat USA security conference in Las Vegas this week the pair released a list of 20 vehicles and rated them on their vulnerability to being hacked. The ratings were based on three factors: the vehicles' network architecture, their "attack surface" via wireless access such as Bluetooth and a cellular connection, and what the researchers call "cyberphysical" features such as autonomous braking and steering. They then assigned each of the three factor a plus to indicate whether a vehicle is more susceptible to hacking or a minus if less vulnerable.

And while it would seem that as cars become more connected and technically sophisticated their "attack surface" and "cyberphysical" would make them especially vulnerable, Miller and Valasek's work indicates that the network architecture is the weakest link. For example, while the Audi A8 is one of the most tech-laden luxury sedans on the market, the pair pointed to the car as an example of a well-protected network layout since its wireless features are separated from driving functions. Consequently, it scored a minus in the network architecture category (but a double plus in attack surface and a single plus in cyberphysical).

But the Infiniti Q50 (pictured above) and Jeep Cherokee both have an insecure network architecture, according to Miller and Valasek. This is because some connected infotainment components are linked on the vehicle network to engine and braking systems that control features such as adaptive cruise control and automated parallel parking assistance. "It's a little scary that they can all talk to each other," Miller said of the Q50 to Wired.

Should Drivers Be Concerned?Unlike with their plugged-in, hands-on hacking of the Escape and Prius last year, the pair's most recent report was compiled based on studying technical manuals and wiring diagrams for the vehicles and analyzing their computer networks based on those documents. They stress that their findings regarding the security vulnerabilities of these vehicles are not conclusive and should only be considered warnings of potential weaknesses.

They added they put together the list to not only show which vehicles are most vulnerable, but also encourage the auto industry or others to take action. "You can grab a Consumer Reports magazine from a newsstand and see ratings for car safety features," Valasek said. "We're doing the same thing, but for vehicles' cybersecurity." (Miller and Valasek also recently proposed a possible solution to keep car hackers at bay: a prototype intrusion-detection device that plugs into a car's OBD port that they built for $150 in parts.)

Several automakers whose vehicles didn't fare well on the list have responded to the report. Chrysler said in a statement that its cars "are equipped with security systems that help minimize the risk from real-world threats" and that "it will endeavor to verify these claims and, if warranted, we will remediate them." Cadillac, whose 2015 Escalade made the list, said in a statement that the report's "description of the vehicle's electronic system is not fully accurate" and that that there are elements of the electronic architecture "that are private and not accessible to researchers (or thieves)."

But just as the rash of recent real-world hacks hasn't led large numbers of people to avoid online transactions or cancel their Facebook accounts, the researchers acknowledge that in the long run the benefits of connected cars may outweigh the risks of potential hacks. "An iPhone is way more hackable than a cell phone from the 1980s," Miller told CNN. "However, I'd still rather have an iPhone than an ancient cell phone. The same is true with the cars, for the most part."

Doug Newcomb is a recognized expert on the subject of car technology within the auto industry and among the automotive and general media, and a frequent speaker at automotive and consumer electronics industry events. Doug began his career in 1988 at the car stereo trade publication Mobile Electronics, before serving as editor of the leading consumer magazines covering the topic, Car Audio and Electronics and Car Stereo Review/Mobile Entertainment/Road & Track Road Gear, from 1989 to 2005. In 2005 Doug started his own company, Newcomb Communications...
More »

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service